Security Provider - Local User¶
The Local User security provider type is a forms-based authentication provider. It allows users to log into Vinyl using a user name and password. Passwords are stored within Vinyl.
Configuration¶
The Local User security provider is enabled by default. It cannot be disabled. However, individual users must have the Allow Local Authentication option enabled.
Parameters¶
The Local User security provider defines the following parameters.
| Parameter | Default | Description |
|---|---|---|
| AccountLockoutThreshold | Maximum number of failed attempts before the account is locked. A value of zero (0) indicates that the account lockout feature is disabled. | |
| AccountLockoutDuration | The period of time (in minutes) for which the account will remain locked. A value of zero (0) indicates that the account will remain locked until an Administrator manually unlocks the account. | |
| AccountLockoutReset | The period of time (in minutes) after which the failed attempt counter is reset. A value of zero (0) indicates that the counter will not be reset. |
Password Storage¶
As noted above, when using the Local User security provider, passwords are stored within Vinyl. Passwords are stored in a cryptographically secure manner. Specifically, Vinyl uses the following scheme:
| ----------------------- | -------- |
| Key Derivation Function | PBKDF2 |
| Hash Algorithm | SHA-256 |
| Key Length | 16 bytes |
| Iterations | 10,000 |
| Salt Length | 16 bytes |
Account Lockout¶
See Account Lockout (3.2, 3.3) for information regarding the account lockout feature.